[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
Re: [mv] more security
On Fri, Nov 12, 1999 at 05:59:09PM +1300, Michael James wrote:
> ****** message to minivend-users from Michael James <mwjames@ak.planet.gen.nz> ******
>
> Hi everyone,
>
> Having followed the security debate I would like to throw this in for comment on the security implications.
>
> Are the security implications different for the following three scenarios
> 1. Credit card number collected via the secure server and saved in a mail box on the local machine.
That implies userspace on the "secure" server, and since minivend needs telnet
access to run, well....
> 2. As above but sent to a mailbox on the local network
Less of an issue with the server, just as big an issue with the mail machine
( though the mail machine might now be just a pop server.)
> 3. As 2 above but collected by someone who has a dial up ppp account with the server.
Same as 2 unless you are preventing people from logging into it
over the net.
90% of security is policy (and sticking to it), 90% of what is left
is reliability and availability. Spread the balance out among
evil people and everything else.
cfm
--
Christopher F. Miller, Publisher cfm@maine.com
MaineStreet Communications, Inc 208 Portland Road, Gray, ME 04039
1.207.657.5078 http://www.maine.com/
Database publishing, e-commerce, office/internet integration, Debian linux.
